Metasploit mailing list archives
Custom "payloads"
From: nicob at nicob.net (Nicob)
Date: Wed, 07 Dec 2005 15:16:45 +0100
Hi, I'm actually working on a Metasploit plugin which is exploiting a SQL-Injection vulnerability. I don't have command or shellcode execution, but raw access to the underlying DB can be used to create a new admin account, modify the password of an existing admin account, ... So, I wonder how to ask to the MSF user which "payload" (ie. SQL query) he wants to execute. I can add a text field to 'UserOpts' and parse it later to get the selected payload, but I'm not sure it would be the cleanest way to do it. Any advice is welcome. Nicob
Current thread:
- Custom "payloads" Nicob (Dec 07)
- Custom "payloads" H D Moore (Dec 07)
- framwork exploitz update net spy (Dec 09)
- framwork exploitz update Jonatan B (Dec 09)
- framwork exploitz update Jerome Athias (Dec 09)
- framwork exploitz update ExploiT (Dec 09)
- framwork exploitz update net spy (Dec 09)
- Custom "payloads" H D Moore (Dec 07)